Femtocell Security Vulnerabilities

Alex Wanda
0
Femtocell networks utilize wireless and fixed broadband access technologies to offer their unique benefits. Both networks by themselves conventionally have security issues that must be addressed. As a result, femtocell networks are vulnerable to security concerns that occur in both wireless and fixed broadband networks. Just as i have earlier discussed about GPRS Backbone Network Security Weakness and Threats – sumarrized in an illustration i will do the same in this article; Below is an illustration showing the Femtocell Security Vulnerabilities;








In order for a network security breach to occur, the intruder must gain access to the network. The above illustration shows some of the vulnerable areas where an intruder can directly or indirectly attempt to breach security of a femtocell customer. Shown in the figure are the symbols T, D, S, and I that indicate the likely type of attack that can be attempted. T is for theft of service, D is for denial of service, S is for snooping attempts, and I is for intercepting and modifying a user’s content. The most obvious access point for an intruder is over the air interface, since the accessibility is simply to be within the radio range of the femtocell. Common threats over the air interface are the theft of service and snooping. Air interface intrusions are avoided by using ciphers to encrypt the signals transmitted between a wireless endpoint and the femtocell Home NodeB. Another access point for an intruder is at the broadband access interface. Some broadband access technologies, such as cable, use a shared access interface that could allow intruders to attempt theft of service or to snoop a customer’s traffic. Another easy access point for a potential intruder is through the public Internet. A femtocell Home NodeB uses IPsec to encrypt communications between itself and an IP access security gateway, allowing it protected access to the IMS network. The sections of this chapter dealing with IPsec provide details on different implementation options that exist for IPsec. All of the access points mentioned provide opportunities for denial of service (DoS) attacks by a potential intruder by simply generating a large amount of traffic directed at any one device, especially a Home NodeB. To protect against DoS attacks, security gateway devices at both the access network and the IP borders in the core would implement DoS protection. DoS protection works by monitoring the rate of traffic from all sources. If any one source becomes overactive, the first security gateway that receives traffic from that source will treat it as misbehaving and drop all of its traffic. This DoS protection shields the rest of the network from the DoS attack, avoiding service disruption.

Post a Comment

0Comments

Post a Comment (0)
Subscribe Us

Get free daily email updates!

Follow us!